From: ramsden at shsu dot edu
Operating system: Linux
PHP version: 5.3.13
Package: PDO related
Bug Type: Bug
Bug description: PDO ODBC Segfaults on SQL_SUCCESS_WITH_INFO with SQL_NO_TOTAL
Description:
------------
PDO ODBC is segfaulting when grabbing CLOB data from a MIMER database. When the length of the column's content is <= 256, "C->fetched_len" is equal to the actual length and the CLOB data is returned correctly. When it's greater than 256, "C->fetched_len" is equal to SQL_NO_TOTAL (-4) and we fall through to the ELSE block in odbc_stmt.c:645.

The code prior to this patch (https://github.com/php/php-src/commit/283accdf159ed98f5ac4d2f89f9ee2a2de1c946a#ext/pdo_odbc/odbc_stmt.c) returned CLOB data correctly. With the call to emalloc() and memcpy() having been replaced with a call to estrndup() we now see segfaults.

Sample table for code below:
---------------
create table blah.clobtest (
    id bigint not null,
    data clob,
    primary key(id)
);

-- grabbing this works correctly (100 bytes, under the 256 threshold)
insert into blah.clobtest (id, data) values (1, 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');

-- grabbing this causes php pdo segfault (300 bytes, over the 256 threshold)
insert into blah.clobtest (id, data) values (2, 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');

Test script:
---------------
<?php
try {
    echo "connecting to local mimer...\n";
    $db = new PDO('odbc:DSN=test;UID=sysadm;PWD=password');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $stmt = $db->prepare("select id,data from blah.clobtest where id = 2");
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    print_r($row);
} catch (Exception $e) {
    die($e->getMessage());
}

Expected result:
----------------
It should return an array('ID' => [int], 'DATA' => [string]) of CLOB data regardless of CLOB length.

Actual result:
--------------
colt@debian:~/Desktop$ gdb php
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/php...done.
(gdb) run test.php
Starting program: /usr/local/bin/php test.php
[Thread debugging using libthread_db enabled]
connecting to local mimer...
[Thu Jun  7 16:39:35 2012]  Script:  'test.php'
---------------------------------------
/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c(679) :  Block 0x08962910 status:
Invalid pointer: ((size=0x00000135) != (next.prev=0x78787878))
---------------------------------------

Program received signal SIGSEGV, Segmentation fault.
0x083c9188 in zend_mm_search_large_block (heap=0x8828470, true_size=8240) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:1803
1803        if (ZEND_MM_FREE_BLOCK_SIZE(p) < ZEND_MM_FREE_BLOCK_SIZE(best_fit)) {
(gdb) bt
#0  0x083c9188 in zend_mm_search_large_block (heap=0x8828470, true_size=8240) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:1803
#1  0x083c9349 in _zend_mm_alloc_int (heap=0x8828470, size=8192, __zend_filename=0x87a5b88 "/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c", __zend_lineno=679, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:1862
#2  0x083c9b15 in _zend_mm_realloc_int (heap=0x8828470, p=0x8962910, size=8192, __zend_filename=0x87a5b88 "/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c", __zend_lineno=679, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:2056
#3  0x083caa39 in _erealloc (ptr=0x8962910, size=8192, allow_failure=0, __zend_filename=0x87a5b88 "/home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c", __zend_lineno=679, __zend_orig_filename=0x0, __zend_orig_lineno=0) at /home/colt/Downloads/php-5.3.13/Zend/zend_alloc.c:2371
#4  0x082106a7 in odbc_stmt_get_col (stmt=0x8961658, colno=1, ptr=0xbfffcd8c, len=0xbfffcd88, caller_frees=0xbfffcd84, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/ext/pdo_odbc/odbc_stmt.c:679
#5  0x0820590a in fetch_value (stmt=0x8961658, dest=0x89628cc, colno=1, type_override=0x0, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/ext/pdo/pdo_stmt.c:561
#6  0x0820739e in do_fetch (stmt=0x8961658, do_bind=1, return_value=0x896279c, how=PDO_FETCH_ASSOC, ori=PDO_FETCH_ORI_NEXT, offset=0, return_all=0x0, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/ext/pdo/pdo_stmt.c:1046
#7  0x0820815e in zim_PDOStatement_fetch (ht=1, return_value=0x896279c, return_value_ptr=0x0, this_ptr=0x8960260, return_value_used=1, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/ext/pdo/pdo_stmt.c:1322
#8  0x084278c5 in zend_do_fcall_common_helper_SPEC (execute_data=0x8990de4, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/Zend/zend_vm_execute.h:320
#9  0x0842812d in ZEND_DO_FCALL_BY_NAME_SPEC_HANDLER (execute_data=0x8990de4, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/Zend/zend_vm_execute.h:425
#10 0x08426b5e in execute (op_array=0x8960110, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/Zend/zend_vm_execute.h:107
#11 0x083f43f1 in zend_execute_scripts (type=8, tsrm_ls=0x8827050, retval=0x0, file_count=3) at /home/colt/Downloads/php-5.3.13/Zend/zend.c:1236
#12 0x0836eb1e in php_execute_script (primary_file=0xbffff3a8, tsrm_ls=0x8827050) at /home/colt/Downloads/php-5.3.13/main/main.c:2308
#13 0x084d06ba in main (argc=2, argv=0xbffff524) at /home/colt/Downloads/php-5.3.13/sapi/cli/php_cli.c:1184
(gdb)

-- 
Edit bug report at https://bugs.php.net/bug.php?id=62255&edit=1
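The report above pins the crash on one thing: a driver that answers SQL_SUCCESS_WITH_INFO with an indicator of SQL_NO_TOTAL (-4) instead of a byte count, and a caller that then hands that indicator to a length-taking copy. The heap check in the gdb output is consistent with that reading, since the corrupted link field holds 0x78787878, four 'x' bytes from the CLOB itself. The C below is an added example, not code from php-src, Mimer or the reporter: a constructed stand-in for SQLGetData (fake_SQLGetData, fake_col and demo_fetch are invented names) that behaves like the driver described, next to a chunked fetch loop that accounts for the bytes the driver actually wrote rather than for the indicator. The SQL_* constants carry their real ODBC values; everything else is assumption for the illustration.

```c
/* Added example (not from php-src, Mimer or the bug reporter): a stand-in
 * ODBC driver that returns SQL_NO_TOTAL on truncation, next to a chunked
 * fetch loop that never treats the indicator as a length.  fake_SQLGetData,
 * fake_col and demo_fetch are inventions for this illustration; the SQL_*
 * constants carry their real ODBC values. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef short SQLRETURN;
typedef long  SQLLEN;
#define SQL_SUCCESS            0
#define SQL_SUCCESS_WITH_INFO  1
#define SQL_NO_DATA          100
#define SQL_NO_TOTAL        (-4)

/* One CLOB column being read out piecewise (constructed stand-in). */
typedef struct { const char *data; size_t len; size_t pos; } fake_col;

/* Behaves like SQLGetData on a character column: copies at most buflen-1
 * bytes plus a NUL.  When the value does not fit, it answers
 * SQL_SUCCESS_WITH_INFO and, like the driver in the report, puts
 * SQL_NO_TOTAL rather than the remaining byte count in *ind. */
static SQLRETURN fake_SQLGetData(fake_col *c, char *buf, size_t buflen, SQLLEN *ind)
{
    size_t remaining = c->len - c->pos;
    if (buflen == 0) return -1;                    /* SQL_ERROR */
    if (remaining == 0 && c->pos > 0) return SQL_NO_DATA;
    if (remaining < buflen) {                      /* rest fits, NUL included */
        memcpy(buf, c->data + c->pos, remaining);
        buf[remaining] = '\0';
        *ind = (SQLLEN)remaining;
        c->pos = c->len;
        return SQL_SUCCESS;
    }
    memcpy(buf, c->data + c->pos, buflen - 1);
    buf[buflen - 1] = '\0';
    c->pos += buflen - 1;
    *ind = SQL_NO_TOTAL;
    return SQL_SUCCESS_WITH_INFO;
}

/* The indicator is only a byte count when it is non-negative.  Feeding
 * SQL_NO_TOTAL to a length-taking copy such as estrndup() is the shape of
 * the crash above: (size_t)-4 is an enormous length. */
static int indicator_is_byte_count(SQLLEN ind)
{
    return ind >= 0;
}

/* Reads the whole column in chunks of `chunk` bytes, growing the buffer.
 * Returns a malloc'd NUL-terminated string and its length, or NULL. */
static char *fetch_long_column(fake_col *c, size_t chunk, size_t *out_len)
{
    size_t cap = chunk, used = 0;
    char *buf = malloc(cap);
    if (!buf || chunk < 2) { free(buf); return NULL; }
    for (;;) {
        SQLLEN ind = 0;
        SQLRETURN rc = fake_SQLGetData(c, buf + used, cap - used, &ind);
        if (rc == SQL_NO_DATA) break;
        if (rc == SQL_SUCCESS) {
            /* Final piece: trust the indicator only if it is a real count,
             * otherwise fall back to the NUL the driver wrote. */
            used += indicator_is_byte_count(ind) ? (size_t)ind : strlen(buf + used);
            break;
        }
        if (rc != SQL_SUCCESS_WITH_INFO) { free(buf); return NULL; }
        /* Truncated: the driver filled cap-used-1 bytes and a NUL.  Account
         * for what was actually written, not for *ind, and grow. */
        used += cap - used - 1;
        char *bigger = realloc(buf, cap * 2);
        if (!bigger) { free(buf); return NULL; }
        buf = bigger;
        cap *= 2;
    }
    buf[used] = '\0';
    *out_len = used;
    return buf;
}

/* Builds a value of `value_len` 'x' bytes (constructed input, like the
 * report's rows), fetches it with the given chunk size and reports 1 when
 * it came back intact, 0 otherwise. */
static int demo_fetch(size_t value_len, size_t chunk)
{
    char *value = malloc(value_len + 1);
    if (!value) return 0;
    memset(value, 'x', value_len);
    value[value_len] = '\0';
    fake_col col = { value, value_len, 0 };
    size_t got_len = 0;
    char *got = fetch_long_column(&col, chunk, &got_len);
    int ok = got != NULL && got_len == value_len
             && memcmp(got, value, value_len) == 0 && got[got_len] == '\0';
    free(got);
    free(value);
    return ok;
}

int main(void)
{
    printf("100 bytes, 256-byte chunks: %s\n", demo_fetch(100, 256) ? "ok" : "FAIL");
    printf("300 bytes, 256-byte chunks: %s\n", demo_fetch(300, 256) ? "ok" : "FAIL");
    printf("(size_t)SQL_NO_TOTAL = %zu\n", (size_t)(SQLLEN)SQL_NO_TOTAL);
    return 0;
}
```

The 256-byte chunk size mirrors the threshold the reporter observed; the loop works for any chunk of at least two bytes because it derives progress from the buffer size it passed in, never from the indicator. With a real driver the same rule applies: the only safe use of the indicator after SQL_SUCCESS_WITH_INFO is as a hint for the next allocation size, and only when it is non-negative.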